Platform and method for establishing provable identities while maintaining privacy
First Claim
1. A method comprising:
- producing a pseudonym including a public pseudonym key within a first platform;
placing the public pseudonym key into a certificate template;
performing a hash operation on the certificate template to produce a certificate hash value;
performing a transformation on the certificate hash value to create a blinded certificate hash value, the performing of the transformation includes performing a logical operation on the certificate hash value using a pseudo-random number to produce a value differing from the certificate hash value, the pseudo-random number being a predetermined value raised to a pseudo-randomly selected power;
creating a certificate request including the blinded certificate hash value;
digitally signing the certification request with a private key of the first platform to produce a signed certification request;
transferring the signed certificate request with a device certificate including a public key of the first platform; and
encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate.
0 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.
225 Citations
21 Claims
-
1. A method comprising:
-
producing a pseudonym including a public pseudonym key within a first platform; placing the public pseudonym key into a certificate template; performing a hash operation on the certificate template to produce a certificate hash value; performing a transformation on the certificate hash value to create a blinded certificate hash value, the performing of the transformation includes performing a logical operation on the certificate hash value using a pseudo-random number to produce a value differing from the certificate hash value, the pseudo-random number being a predetermined value raised to a pseudo-randomly selected power; creating a certificate request including the blinded certificate hash value; digitally signing the certification request with a private key of the first platform to produce a signed certification request; transferring the signed certificate request with a device certificate including a public key of the first platform; and encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A platform comprising:
-
a transceiver; and a device in communication with the transceiver, the device including a persistent memory to contain a permanent key pair, at least one pseudonym being an alternative key pair generated internally within the device and used in lieu of the permanent key pair to establish secured communications via transmissions from the transceiver to a remote platform, the device comprising a processing unit to; write a public pseudonym key into a certificate template, perform a hash operation on the certificate template to produce a certificate hash value, perform a transformation on the certificate hash value to create a blinded certificate hash value, the transformation including a logical operation on the certificate hash value using a pseudo-random number to produce a value differing from the certificate hash value, create a certification request including the blinded certificate hash value, digitally sign the certification request with a private key of the platform to produce a signed certification request, append the signed certification request with a device certificate that includes at least a public key of the platform, encrypt the signed certification request and the device certificate with a public key of the remote platform. - View Dependent Claims (8, 9, 10, 11)
-
-
12. A method comprising:
-
producing a pseudonym within a first platform, the pseudonym representing a persistent identity of the first platform so long as a user chooses to retain the pseudonym; performing a hash operation on a certificate template including pseudonym to produce a certificate hash value; performing a transformation on a certificate hash value to create a blinded certificate hash value by multiplying the certificate hash value, being a hash value of information including the pseudonym, by a pseudo-random number generated within and maintained by the first platform, the pseudo-random number being a predetermined value raised to a pseudo-randomly selected power; and transmitting the pseudonym in an obfuscated format to a second platform; wherein the transmitting of the pseudonym comprises; creating a certificate request including the blinded certificate hash value, digitally signing the certification request with a private key of the first platform to produce a signed certification request, transferring the signed certificate request with a device certificate including a public key of the first platform, and encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A method comprising:
-
producing a pseudonym within a first platform, the pseudonym representing a persistent identity of the first platform so long as a user chooses to retain the pseudonym; performing a hash operation on a certificate template including pseudonym to produce a certificate hash value; performing a transformation on a certificate hash value to create a blinded certificate hash value by multiplying the certificate hash value, being a hash value of information including the pseudonym, by a pseudo-random number generated within and maintained by the first platform, the pseudo-random number being a predetermined value raised to a power; creating a certificate request including the blinded certificate hash value; digitally signing the certification request with a private key of the first platform to produce a signed certification request; transferring the signed certificate request with a device certificate including a public key of the first platform; and encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate. - View Dependent Claims (18, 19, 20, 21)
-
Specification